PT-2017-4233 · Xmlsoft · Libxml2
Henri Salo · Published 2017-02-12 · Updated 2024-08-05
CVE-2017-5969
CVSS v2.0: 5.4 (Medium)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libxml2 version 2.9.4
Description
libxml2 2.9.4 is affected by a denial of service caused by a NULL pointer dereference when a document is parsed in recover mode. A remote attacker can trigger it with a crafted XML document. The libxml2 maintainer has stated that the recover parsing option is intended only for manual recovery, at least for the XML parser.
Recommendations
For libxml2 version 2.9.4, consider disabling recover mode until a patch is available. As a temporary workaround, do not use the recover parsing option for automatic (unattended) processing of XML documents.
Fix
DoS
NULL Pointer Dereference
Affected Products
Alt Linux
Suse
Libxml2